Merge pull request #104 from alexanderbeletsky/ssl

issue #101: added ssl configuration

README.md

@@ -76,6 +76,10 @@ To setup environment for your application, create file `/home/git/APP_NAME/ENV`.
 
 Next time the application is deployed, those variables would be exposed by `start` script.
 
+## SSL support
+
+Dokku provides easy SSL support from the box. To enable SSL connection to your application, copy `.crt` and `.key` file into `/home/git/:app/ssl` folder (notice, file names should be `server.crt` and `server.key`, respectively). Redeployment of application will be needed to apply SSL configuration. Once it redeployed, application will be accessible by `https://` (redirection from `http://` is applied as well).
+
 ## Advanced installation (for development)
 
 If you plan on developing dokku, the easiest way to install from your own repository is cloning
@@ -138,7 +142,6 @@ You can use [Github Issues](https://github.com/progrium/dokku/issues), check [Tr
 ## Ideas for Improvements
 
  * Custom domain support for apps
- * HTTPS support on default domain
  * Support more buildpacks (see Buildstep)
  * Use dokku as the system user instead of git
  * Heroku-ish commands to be run via SSH (like [Dokuen](https://github.com/peterkeen/dokuen#available-app-sub-commands))

plugins/nginx-vhosts/post-deploy

@@ -1,6 +1,7 @@
 #!/bin/bash
 set -e
 APP="$1"; PORT="$2"
+SSL="$HOME/$APP/ssl"
 
 if [[ -f "$HOME/VHOST" ]]; then
   VHOST=$(< "$HOME/VHOST")
@@ -10,20 +11,55 @@ if [[ -f "$HOME/VHOST" ]]; then
   else
     hostname="${APP/\//-}.$VHOST"
   fi
+
+  # ssl based nginx.conf
+  if [[ -f "$SSL/server.crt" ]] && [[ -f "$SSL/server.key" ]]; then
   cat<<EOF > $HOME/$APP/nginx.conf
 upstream $APP { server 127.0.0.1:$PORT; }
-server { 
+server {
+  listen      80;
+  server_name $hostname;
+  return 301 https://\$host\$request_uri;
+}
+
+server {
+  listen      443;
+  server_name $hostname;
+
+  ssl on;
+  ssl_certificate     $SSL/server.crt;
+  ssl_certificate_key $SSL/server.key;
+  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!CAMELLIA;
+  ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+  ssl_prefer_server_ciphers on;
+
+  location    / {
+    proxy_pass  http://$APP;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade \$http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_set_header Host \$http_host;
+    proxy_set_header X-Scheme \$scheme;
+  }
+}
+EOF
+else
+# default nginx.conf
+  cat<<EOF > $HOME/$APP/nginx.conf
+upstream $APP { server 127.0.0.1:$PORT; }
+server {
   listen      80;
   server_name $hostname;
   location    / {
     proxy_pass  http://$APP;
     proxy_http_version 1.1;
     proxy_set_header Upgrade \$http_upgrade;
-    proxy_set_header Connection "upgrade"; 
+    proxy_set_header Connection "upgrade";
     proxy_set_header Host \$http_host;
   }
 }
 EOF
+  fi
   nc -U $HOME/reload-nginx
   echo "$hostname" > "$HOME/$APP/VHOST"
-fi
+fi